Closed Bug 1527571 Opened 7 years ago Closed 6 years ago

giving cloudops scopes for mozilla-releng/product-details repository secrets/roles

Categories

(Taskcluster :: Operations and Service Requests, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: garbas, Assigned: tomprince)

Attachments

(1 file)

Please give mozilla-group:team_services_ops the following scopes:

  • assume:repo:github.com/mozilla-releng/product-details*
  • auth:create-role:repo:github.com/mozilla-releng/product-details*
  • auth:delete-role:repo:github.com/mozilla-releng/product-details*
  • auth:update-role:repo:github.com/mozilla-releng/product-details*
  • secrets:get:repo:github.com/mozilla-releng/product-details*
  • secrets:set:repo:github.com/mozilla-releng/product-details*

Thank you.

Blocks: 1508780

Are all those scopes required, or are the secrets:* scopes there enough?

It isn't clear to me how the first four scopes are going to be used.

Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Flags: needinfo?(rgarbas)

:tomprince the above scopes would allow cloudops to create roles with scopes over different branches (testing/staging/production).

Flags: needinfo?(rgarbas)

We have been moving to managing roles via ci-config and ci-admin, which is soon going to have support for github repos.

Given that, I'd rather not hand out scopes for managing those roles manually. Given that, I'll go ahead and grant access to just the secrets for the moment. We can revisit this later, if more turn out to be necessary.

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
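
Added example, not part of the original bug thread and not Taskcluster's own code: a small checker for Taskcluster-style scope satisfaction (a held scope ending in `*` covers every required scope with that prefix), comparing the six requested scopes with the secrets-only subset that was granted. The `:branch:...` suffixes and the `product-details-internal` repository name are constructed sample values.

```python
# Added example: Taskcluster-style scope satisfaction, where a trailing "*"
# in a held scope matches any required scope with that prefix.

REPO = "repo:github.com/mozilla-releng/product-details"

# The six scopes requested in this bug.
REQUESTED = [
    f"assume:{REPO}*",
    f"auth:create-role:{REPO}*",
    f"auth:delete-role:{REPO}*",
    f"auth:update-role:{REPO}*",
    f"secrets:get:{REPO}*",
    f"secrets:set:{REPO}*",
]

# The subset granted in the resolution: only the secrets scopes.
GRANTED = [s for s in REQUESTED if s.startswith("secrets:")]


def satisfies(held, required):
    """True if one held scope covers `required` (exact match or "*" prefix)."""
    for scope in held:
        if scope == required:
            return True
        if scope.endswith("*") and required.startswith(scope[:-1]):
            return True
    return False


def allowed(held, checks):
    """Map each required scope to whether `held` satisfies it."""
    return {required: satisfies(held, required) for required in checks}


# Constructed sample checks (branch names and the extra repos are assumptions).
CHECKS = [
    f"secrets:get:{REPO}:branch:production",
    f"secrets:set:{REPO}:branch:staging",
    f"auth:create-role:{REPO}:branch:testing",
    f"assume:{REPO}:branch:production",
    # The prefix match also covers any repository whose name merely starts
    # with "product-details" (hypothetical repository name).
    f"secrets:get:{REPO}-internal:branch:master",
    "secrets:get:repo:github.com/mozilla-releng/other-repo:branch:master",
]

if __name__ == "__main__":
    for name, held in (("requested", REQUESTED), ("granted", GRANTED)):
        print(name)
        for required, ok in allowed(held, CHECKS).items():
            print(f"  {'allow' if ok else 'deny ':5} {required}")
```

Because the pattern ends in `product-details*` rather than `product-details:*`, both sets also cover sibling repositories whose names share that prefix, which is worth checking when reviewing a scope request like this one.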